External penetration testing (also called External infrastructure testing, Perimeter penetration testing, Network penetration testing) is a method of actively evaluating the security of a network by simulating an attack from a malicious source in public (cyber attacks), whilst Internal penetration testing (also called Internal infrastructure testing, Internal network testing) simulate an attack from a malicious source from inside Organization. The intent of a penetration test is to simulate a real-world attack situation with a goal of identifying if an attacker is able to access systems / data; can compromise data integrity and / or system availability.

A penetration test differs from a vulnerability scan, as a penetration test includes manual and automated testing for identifying vulnerabilities and then trying to exploit these. Conducting a vulnerability scan may be one of the first steps a penetration tester will perform in order to plan the testing strategy.

Whilst we take care of our clients network / applications and do it in a safe manner, there might still be a risk of systems availability is affected during the stage of exploiting the vulnerabilities found. As such, Clients having sensitive systems sometimes do prefer to undertake a penetration testing, but when it comes to system hacking phase, then a validation of vulnerabilities found is undertaken rather than actual exploitation. From our experience, it is relatively easy to exploit vulnerabilities, such as missing patches / updates, via tools (e.g. Metasploit); however it might take much longer time to exploit more advanced vulnerabilities found, which also might create a greater risk of systems unavailability.

CyberAudit offers professional External and Internal penetration testing. Our penetration techniques depend on organizations type, depth and complexity and specific environment. The following are the key phases followed in our penetration testing:

Footprinting and Reconaissance;

Scanning Networks;

System hacking.

For Senior Management and Security Professionals within the organization, we would like to recommend considering to undertake one of the following types of penetration testing: